Skill audit report

Harden Runner audit report.

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. It monitors network egress, file integrity, and process activity on those runners, detecting threats in real-time.

VERIFIED · ALLOWSafe to tryGenerated Jun 16, 2026Heuristic metadata audit

Audit

Trust

100

Quality

Security

100

Maintain

Install

OpenAgentSkill Trust Score

Production candidate

Stars, maintenance, license, docs, dependency risk, and installability.

The Trust Score is OpenAgentSkill's adoption layer. It is designed to help an agent decide whether a skill is safe enough to shortlist before installation.

GitHub adoption

PASS

1.2K GitHub stars

Recent maintenance

PASS

100

3d since push

License clarity

PASS

Apache-2.0

README/SKILL.md completeness

PASS

Metadata includes enough usage and workflow context

Dependency risk

PASS

no major dependency risk hints in public metadata

Install availability

PASS

npx skills add step-security/harden-runner

Repository evidence

PASS

https://github.com/step-security/harden-runner

Review status

PASS

AI review data available

Checks

Install and adoption review

8 passed · 0 review

Install path

PASS

npx skills add step-security/harden-runner

Repository

PASS

https://github.com/step-security/harden-runner

License

PASS

Apache-2.0

Maintenance

100

PASS

3d since push

AI review

PASS

Approved with no listed issues

README/SKILL.md completeness

PASS

Usable description available

Dependency risk

PASS

no major dependency risk hints in public metadata

Adoption

PASS

1.2K GitHub stars

Warnings

No major warnings detected from available metadata.

Method

This report combines public metadata, AI review output, repository freshness, install readiness, OpenAgentSkill events, quality scoring, trust checks, and the agent safety gate. It is not a full source-code security review.

Install path

Review the report before installing into production agents.

$ npx skills add step-security/harden-runner

Signals

Audit score: 97/100
Quality: 100/100
Trust: 96/100
Maintenance: 3d since push
Events: No events yet
GitHub stars: 1.2K
Last push: Jun 13, 2026

Agent safety v2

89/100 · Safe to install with normal review

Verifiedallow

Strong metadata, audit, install, and review signals. Suitable for agent shortlists after normal workspace review.

Allow agent install in a sandbox or low-risk workspace, then promote after one successful narrow task.

Verified listing
Safe-to-try audit
89/100 agent safety score

Network access

medium

Skill likely fetches remote pages, APIs, repositories, or external services.

Filesystem access

medium

Skill may read or write project files, documents, generated artifacts, or local workspace state.

Back to skill Alternatives Audit badge SVG

Compare nearby options

Harden Runner audit report.

Stars, maintenance, license, docs, dependency risk, and installability.

Install and adoption review

Related skills to audit next

Act

Gitea

Goreleaser